Published: 28/10/2016 Updated: 03/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Unified Security Management

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM prior to 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.

Vulnerable Product	Search on Vulmon	Subscribe to Product
alienvault unified security management
alienvault open source security information and event management

Alienvault OSSIM/USM versions 531 and below suffer from a php object injection vulnerability ...

Details ======= Product: Alienvault OSSIM/USM Vulnerability: PHP Object Injection Author: Peter Lapp, lappsec () gmail com CVE: CVE-2016-8580 Vulnerable Versions: <=531 Fixed Version: 532 Vulnerability Details ===================== A PHP object injection vulnerability exists in multiple widget files due to the unsafe use of the unserial ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::SSH def initialize(info={}) super( ...

CWE-284 https://www.alienvault.com/forums/discussion/7766/security-advisory-alienvault-5-3-2-address-70-vulnerabilities http://www.securityfocus.com/bid/93864 https://www.exploit-db.com/exploits/40682/https://nvd.nist.gov https://packetstormsecurity.com/files/139488/Alienvault-OSSIM-USM-5.3.1-PHP-Object-Injection.html https://www.exploit-db.com/exploits/40682/

CVE-2016-8580

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect